Hacker News new | past | comments | ask | show | jobs | submit login
Verizon is Selling Your Personal Data (app.net)
478 points by morewillie on Oct 9, 2012 | hide | past | favorite | 125 comments

Thanks for the PSA.

While I understand why these things tend to be opt-out by default, I'm surprised there was no email from Verizon updating users about these new settings with a link to opt-out if they wanted to.

I used to think that the telecom industry is a lot more regulated than social network companies like Facebook, but I guess that's not really true!

I received an email a while back from them basically saying they were going to start taking privileges with my data if I didn't go to a page and opt-out. I don't remember the text, but that was the gist.

[Edit] Did some digging and the email subject was: Important Update Regarding Your Privacy

It has various sections on what will be used and how with a call to action at the bottom listing your options.

Opening text: Why am I getting this notice?

Your privacy is an important priority at Verizon Wireless. Our Privacy Policy (available at www.vzw.com/myprivacy) informs you about information we collect and how we use it. Today we want to tell you about some important updates relating to two new uses of information. Verizon Wireless will begin using the information described below for (1) certain business and marketing reports and (2) making mobile ads you see more relevant. If you do not want us to use this information for these purposes, you can let us know by using one of the options described in the "Your Choices" section of this notice. This supplements our Privacy Policy.

Your choices section:

If you do not want us to use your information for any of the purposes described above, please let us know at any time by:

• Visiting www.vzw.com/myprivacy


• Calling 1-866-211-0874

I received the same kind of email from AT&T awhile ago. I immediately called them up, and asked to opt-out. After 30 minutes on the phone, the representative told me that the "feature" hasn't been rolled out yet, and I should call back a month later. Guess what? I completely forgot about it. That was probably the intention all along.... Thanks for the reminder, though!

I had a similar experience with Clear (wireless) and the binding arbitration clause in their ToS. When I called to opt out (because one cannot do so online, of course :-/ ) I was transferred 6 times and in the end the drone finally gave up and just asked if putting a note in "my file" would be sufficient. At that point, I think we were equally frustrated with one another and I settled.

But I can easily imagine some lawyer-type dreamed up such a clause but failed to tell anyone else in the business about it.

I can confirm that I also received this message some time ago.

(2) making mobile ads you see more relevant.

Does this mean they'll start replacing website ads with their own ads, like some wifi programs do?

Possibly, but I imagine it is really just lingo for "sell your information to advertisers".

Does Verizon software on phones have advertisements? Maybe they are going to start doing that.

They are definitely more regulated than social network companies, fortunately though they've captured the regulator as predicted by economics so they get to seek rent instead of worrying about regulators.

The telecom industry has so effectively captured their regulator that when they are caught tapping phones without warrant they are exempted from lawsuits instead of prosecuted vigorously.

If you offered a non-compliant unlimited data/voice/voicemail plan for $20 a month you'd have people lined up around the block, no one would care your phone won't work with CALEA and no one would care that your address wasn't in the 911 database. You'd also be extremely profitable using off the shelf hardware like software radios, and non-compliant open source telephony software.

The telcos weren't wiretapping for profit, but as an agent of the government. You got the direction of power backwards.

I don't think you've seen a wiretapping bill...

http://www.forbes.com/sites/andygreenberg/2012/04/03/these-a... "Wiretaps cost hundreds of dollars per target every month, generally paid at daily or monthly rates. To wiretap a customer’s phone, T-Mobile charges law enforcement a flat fee of $500 per target"

Still cheaper than texting!

I'd be happy my phone wasn't compatible with CALEA, I might care about 911 (else I'd have another tool/app to serve me) and as long as I can communicate, I'm not to concerned about scary "open source" stuff.

This is a big deal. The FTC will almost certainly investigate it and if it turns out to be as bad as described, will likely take action.

The process might take a while, but they eventually get results. They rely on the public to report incidents:


Having multiple people report a claim is good. Also, capturing screenshots etc. of everything you find,since they have a tendency to change and disappear quickly :)

Unlikely. They know all about this already. I'd recommend contacting your member of congress. Also, it's the FCC, not the FTC, who regulates phone companies.

I'm familiar with the targeting technology that's being rolled out and the people/companies involved with the project. They've extensively briefed both FCC and FTC plus key members of congress, and have received a tacit blessing to proceed because of a double-blind hardware technology involved to limit the identification of individuals, and the measures taken so far to alert consumers.

Not to say that it's good or bad to do this. But a company like verizon isn't going to proceed without covering their ass from a regulatory perspective.

I'm Canadian so obviously our privacy laws will be different but when I worked at a Telecomm we were told that in order to be compliant with the law we could only use customer data for what they has explicitly agreed to. Any changes to what we want we need to have them approve it again.

I specifically remember getting a letter in the mail a few weeks ago alerting me to this.

Offtopic: This is the first time I'm seeing a post "on" app.net and not "about" app.net

Might be something to do with people usually not linking to tweets unless they're really notable. And app.net items are effectively just long tweets.

This would make it seem more akin to Google+, right? G+ is linked to around here quite often.

Not to be overly harsh, but perhaps the difference is that Google+ is having more things published to it that people actually care about.

Well, yeah, but for the obvious reason - tweets are meant to be short and consumed in large numbers, but aren't generally meaty enough for a discussion, while some people are using Google+ as essentially a blogging platform. 140 (or 256) characters is rarely enough for an entire HN discussion, but that doesn't mean I don't enjoy reading dozens of tweets at a time to get a sense of what's going on.

Actually, many of those tweets have links, so in some sense Twitter competes with HN as a link aggregator, not with Google+ as a primary source.

> And app.net items are effectively just long tweets.

App.net doesn't have a limit on message length?

256 characters, IIRC

Why? Just to be like twitter, but different, with no comprehension of why the Twitter limit exists?

Comprehending why the Twitter limit exists should let you comprehend why there's no point for App.net to follow it.

The service won't actually be used for "micro-blogging" unless users are constrained by some limit, but 144 is too damn small. Nobody would ever have picked it if they weren't forced to, and these days they aren't.

What infinitesimal fraction of modern Twitter users in App.net's target market do you imagine use the service via SMS? The limit a legacy of an irrelevant use case.

I'd probably have gone a bit higher than 256 myself (disregarding attachment to powers of two), but it's an improvement.

> The service won't actually be used for "micro-blogging" unless users are constrained by some limit, but 144 is too damn small.

The funny thing is that in languages like Japanese and Chinese, where one "character" contains a lot more info than one Latin letter, Twitter is used in quite a different way.

I've been using Tent (https://tent.io) which also adopted 256 characters, and I think it's actually quite generous for statuses. Maybe too much; the nature of microblogging changes when you don't have to be concise. I bet the sweet spot is probably somewhere in 160-200.

Sticking to 140 would be a good standard for a microblogging standard since it would allow you to syndicate out to Twitter and you could emulate the API and automatically have other apps support that character limit.

If you go beyond 140 it is then no longer a microblog post, but rather just an ordinary blog post.

I'm not sure how many Twitter users actually use SMS any more. I tried to use it to send in an update a few weeks ago and it took ~4 hours for the tweet to appear in my timeline. I'm in the UK so maybe they have better response times in other countries.

For how I use Twitter 144 characters is perfect, it forces a nice level of brevity.

Technically this is more like a thread with comments.

Twitter displays threads, as well. See the following tweet as an example: https://twitter.com/tvladeck/status/255775327165505536

Just so everyone knows, AT&T does the same thing. You have 30 days from the date of your contract before they start passing it out, but I believe you can opt out of future transactions on the site. Try going to http://att.com/ecpnioptout (if you got a new contract with your iPhone 5, do it this week!)

Edit: I should say, AT&T does something similar. I do not know if it is the same thing, since their opt-out page makes it sound rather innocuous compared to the vague language used in the mailed letter. CPNI = Customer Proprietary Network Information

AT&T's is much more invasive -- it is across all of their telecom platforms (DSL, TV, wireless, wifi, etc). They also will log location information for advertising: http://www.att.com/gen/privacy-policy?pid=2506

You can find more information from their AdWorks division: http://adworks.att.com/press.html

If they were to begin network sniffing, they could potentially build powerful user profiles that would be more valuable than Facebook's data (and truly "frictionless"). Your passive internet browsing would start influencing the commercials you see on TV.

Further update, because I can no longer edit my post...

If you're trying to opt out and it isn't working for any reason, attempt it again during normal business hours (9-5, EST or PST) and see if it does work. As ridiculous as it seems, many functions cannot be performed outside of this window including registering my billing account. Try again tomorrow around midday and those mysterious "timeouts", "unknown errors", etc may magically disappear. If not, your provider should have a phone number you can call (oh, goody) to take care of the same thing.

These are the steps to opt out of Verizon “selling your personal data”, as far as I can tell:

Visit http://www.vzw.com/myprivacy. If you are not already signed in to My Verizon, you will be prompted to sign in – after doing so, return to that myprivacy page.

Click the link “Manage Location Privacy settings” near the bottom, which points to https://locationmanagement.vzw.com/

You should now be at “Location Management” > “Location Privacy Settings”. I’m guessing that this is where you actually opt-out. I’m not sure because there’s nothing for me to do here – I see “There are no services available. A location service must be downloaded on the handset to be listed here.”.

No, I had several options on the page linked by OP. When I went to the locationmanagement.vzw.com page, it says, "There are no services available. A location service must be downloaded on the handset to be listed here."

As far as I can tell, the Location section applies to Verizon-made apps, like their $5/mo navigation app.

(Dunno who would sign up for a paid Verizon mapping service, though...)

Exact same for me. I'd like to opt out but I have no idea how from the instructions provided.

Ditto. But I'm using an iPhone, so maybe the Verizon-provided stuff is just not there?

A related story: I was recently shopping around for a new ISP. One I considered was Verizon FiOS. In order to see the prices in my area, I had to enter my address.

Two weeks later, I got a letter in the mail. Written outside on the envelope was something like: "We noticed you were checking out our website! Here's a special offer just for you..."

It's not the same as what OP posted, but it certainly left me creeped out.

Heh, that's why I always fake address details when I'm checking out cable or DSL options. Of course they're going to use the personal information you enter for marketing purposes, that's why they ask for specifics like apartment number and your mobile number that they don't need to determine service availability.

that's a clever way of sticking it to them, jrock. i feel sorry for my neighbors already.

You don't use valid addresses, of course. If you're in apartment 2R, you say apartment 10B or something.

It is possible to enter completely fake information, rather than someone else's address. (For example, aside from the burden on the post office, I think entering a street address for an apartment complex without an apartment number harms no one.)

Though unfortunately the mailman is usually smart enough to route that kind of mail if the name on it is correct.

Actually, it's quite difficult to fail to send someone a letter. The post office does try pretty hard to deliver mail.

Why are you so creeped out that they sent you a piece of advertising by mail after you gave them your address? It'd hardly be surprising these days if you received spam after giving away your e-mail address.

It is still abusive, to represent that they need it for transactional purposes and then to spam you with it instead.

Flightfox just posted an article about how they more aggressively pursue potential customers with email, and it's doubled their conversion rate.

How is this isolated example of snail-mail marketing at all creepy? As long as it's Verizon and not a third party, it isn't strange at all.

There's a difference between "strange" and "creepy".

Something can be really common and still really creepy.

I get pounds of mail every year advertising U-Verse when AT&T doesn't offer U-Verse at my address. The mail has been coming for years now. Big thick envelopes full of brochures, little letter-sized envelopes, oversized postcards. At least Verizon is advertising a service you can actually buy.

At least Verizon is advertising a service you can actually buy.

Don't count on it. I'm constantly pestered by Verizon to buy their FiOS service, and FiOS isn't available in my apartment complex.

This is common with many, many services.

I'll generally enter another address in the neighborhood.

When I was last shopping for DSL internet service in the UK, every provider would require you to enter your phone number to see what speeds they could provision you with.

Most had a small box to uncheck to avoid a marketing follow up phone call.

But at least one company didn't have a box--they just had a message saying that if you entered your phone number to check for service, they would call you at some unspecified later date. There was no way to opt out.

Needless to say, I didn't buy their DSL.

given the increasing ubiquity of these kinds of deals and the quixotic whack-a-mole game they call opt outs, how dumb would it be to cut out the middle men and just say "hey, for the low price of whatever you're paying now we'll all just sell you our habits, cookies, weblogs, location data, brand preferences and shopping habits (via some up front mobile aggregator of said data). It seems likely that people spend enough collectively tracking and profiling me that it might pay for a night out a month if we cut out the middle men. And hell, it might even have an unexpected bonus - the law of the jungle say if it runs chase it and if it chases you, run. Maybe you'd stop being desired tracking target in the end :)

You're expecting the NSA-hats will get bored watching us check into the same restaurants and movie theaters after months and years? You're more optimistic than me.

What the hell is it with you Americans and your abhorrent carriers?

Boy do I wish it was just American carriers that are abhorrent...

Americans are not good at leveraging their government for consumer-friendly oversight of stuff like this.

People keep paying them money.

People keep having few (if any) alternatives for fast, reliable service providers.

I don't know and it makes me sad.

No requests are sent when I hit the "Save Changes" button. I have a small amount of confidence that my preferences are going to be picked up.

It doesn't seem to work in Chrome. Worked for me in Firefox.

"Verizon" and "Verizon Wireless" are separate companies. It looks like this refers to Verizon Wireless: e.g., if you have Verizon service for phone, FIOS, or whatever, you are unaffected.

Well, they're probably still selling your personal data, but not in this specific instance.

Eh, Kinda. Verizon Communications owns the majority (55%) of Verizon Wireless.

> EVERYONE is selling your personal data.


Not for the lucky Verizon customers who happen to catch this.

Will using https prevent them from doing this? I imagine it would stop data gathering and referrer gathering but the source URL request they would still be able to see?

A VPN would be the only option to keeping them completely blind? I can set up a VPN on an Amazon micro instance for free. The amount of data used should be nothing or mere pennies per month to Amazon.

The only trouble is keeping a VPN up. I find on an iPhone at least that while once working, it works reliably, but keeping it working is unreliable. It seems when you transition from one network to another, one wifi to another, one cell tower to smother, or from wifi to cell and vice versa, the connection can often drop.

I wish there was a setting like "auto connect VPN when any data request is made".

I've tried VPN's from Amazon of my own creation as well as the VPN included with my GigaNews account.

I'm sure running the VPN on your mobile is great for battery life.

I am already looking forward to the upcoming VPN witch hunt. When US provider are really going through with the six strikes "warning" system [1], VPNs will become more and more mainstream. It is going to be interesting which kind of CP/Terrorism yadayada they are going to pull this time.

As a VPN user for closed to ten years nw (yes, I am that paranoid/live in a tough-on-downloads region) I can honestly say, that its benefits outweigh the negatives by far. But it takes some time to find a stable VPN service, that fits to your expectations.

[1] http://arstechnica.com/tech-policy/2012/09/six-strikes-inter...

Correct me if I'm wrong, but I've always had the understanding that VPN providers would give you up to the feds in an instant if they came knocking on their door with a court order for suspected criminal activity.

I'm in the process of looking for a solid VPN provider myself, and this is the impression I'm getting after reading the terms & conditions for services like Private Internet Access and VyprVPN.

That is why you use a VPN that is incapable of doing so. There is no technical need for such a service to log anything other than rough usage.

I think eventually the answer is to move away from centralized and for-profit providers and network architecture, both for the hardware side of the network and the software side.


Noncommercial internet. Original style.

Make the internet more like the telephone network, not the TV network. People do not like to be hounded by telemarketers day and night.

The telephone network IS houndd by telemarketers. That is the term's origin.

But we've tried to regulate this. The telephone has some utility besides just being a marketing channel.

With TV, it's a lost cause.

Maybe opting out is not how to stop this abhorrent practice of selling personal information. There is much more at stake than sites just selling email address lists. There is much more detailed information involved.

Perhaps what would work better is flooding these marketers with false information. This is what hampers email lists. Most the addresses do not work.

As it stands the few (or many) people who fail to "opt-out" (or fail to use proxies) may make this sort of personal information sales market worthwhile because the information gathered is detailed and reasonably accurate. It's not just a list of disposable email addresses. It's higher quality.

Using Chrome the buttons to save changes were not functioning.

For each section, select the option you want, then in console run chgCPNI(); or chgReports(); or chgAds(); depending on which section you changed.

Turning off Ghostery (ironically?) fixed the problem for me.

Also, check out how long Verizon stores your data:


Where can I buy this data?

Tried to change settings and got an error. Quelle surprise.

"Your privacy is an important priority at Verizon Wireless."

From the Verizon customer privacy settings page.

Does anyone know if this applies to iPad-only customers? That's my only Verizon account, but the opt-out link requires a phone number to log in. (Ditto for the "forgot user id" form.)

I retrieved my iPad phone number as per the other comment and logged into the website. Their site says my info is being shared and when I try to switch this it says the settings can not be saved. Calling the 800 number says I am already opted out.

I tried speaking with a CS agent who had no idea what privacy settings I was talking about and then said it does not apply to pre-pay customers. I think she was just trying to get me off the line.

So I'm not sure if this applies to iPad customers or if it is possible to opt out.

You'll find your iPad's phone number under Settings, Cellular Data, View Account.

wow. At least they gave you the option to opt-out haha :)

Except the law and their own wording requires opt-IN:

"...we need your permission to share this information among our affiliates, agents and parent companies (including Vodafone) and their subsidiaries."

Somewhat - to them anyway, permission is "granted" by you choosing not to opt-out. It's a crazy, muddled-up, mixed up world.

"Option"? IMO this should be illegal, but i'm sure there is some clause in the contract which allows such use.

I do like how it's illegal to sell a person video rental history, but totally fine to sell information that shows everywhere they are at anytime of the day.

When some Congressman gets busted by this we'll probably get a Mobile Privacy Act.

Here's the text you see when you log in, if you don't have Verizon. When trying to opt-out, I get an error.


Your privacy is an important priority at Verizon Wireless. Our Privacy Policy informs you about information we collect and how we use it. Read our Privacy Policy.

Location Based Services ("LBS") Privacy Settings A location service is any service that provides access to location information, such as maps of places of interest and turn-by-turn directions, on your handset. These services may require Verizon Wireless to access the location of your handset. For location services you use that are supported by Verizon Wireless, you can Manage Location Privacy settings.

Customer Proprietary Network Information Settings As a provider of certain telecommunications services, Verizon Wireless collects certain information that is made available to us solely by virtue of our relationship with you, such as quantity, technical configuration, type, destination, location and amount of use of the telecommunications services you purchase. This information and related billing information is known as Customer Proprietary Network Information (CPNI). The Federal Communications Commission and other regulators require the Verizon Companies to protect your CPNI.

Verizon Wireless shares information among our affiliates and parent companies (including Vodafone) and their subsidiaries unless you advise us not to. Sharing this information allows us to provide you with the latest information about our products and services and to offer you our latest promotions.

Settings Don't Share My CPNI OK to Share My CPNI

Business & Marketing Reports Verizon Wireless may use mobile usage information and consumer Information for certain business and marketing reports. Mobile usage information includes the addresses or information in URLs (such as search terms) of websites you visit when you use our wireless service, the location of your device ("Location Information"), and your use of applications and features. Consumer information includes information about your use of Verizon products and services (such as data and calling features,device type, and amount of use) as well as demographic and interest categories provided to us by other companies (such as gender, age range, sports fan, frequent diner, or pet owner). We will combine this information in a manner that does not personally identify you. We will use this information to prepare business and marketing reports that we may use ourselves or share with others. We may also share Location Information with other companies in a way that does not personally identify you. We will allow these companies to produce limited business and marketing reports. See our Frequently Asked Questions for more information about these reports.

You have a choice about whether we use your information for these reports.

Settings Don't use my information for aggregate reports OK to use my information for aggregate reports

What is really strange to me is the page is different in firefox and chrome (3 options vs 2), the chrome page doesn't work, and if you turn off everything in firefox, then reload the page in chrome, chrome shows them still all being on.

Unrelated, but having had to log in, I'm now reminded of a VZW security issue:

Can someone explain the doubtless backward and sloppy thinking that would convince Verizon that they should forbid their users from including symbols in their passwords?

This is to prevent users from creating passwords they cannot remember. It could very well be true that having a streamlined password recovery system (weak to social engineering) is less secure than having easy-to-remember easy-to-guess passwords.

I've taken to flagging all comments like this.

I don't think it even remotely adds to the discussion to pick some usability issue and harp on it. These kind of comments crop up for every story. Easy way to score points, not useful, buries better comments.

I think a good rule of thumb is that if you didn't need to read the article to make a comment, it's not a good comment.


A: Mazal tov. I enjoy the magical thinking that makes your meta comment more valuable than my meta comment.

B: This isn't a usability issue. This is a security issue.


C: It's not an "article." It's a tweet. So we don't have a lot of deep meaty content to work with here. Are you a bot? Did you read it?

You're way out of line flagging this, in my opinion. It's a security issue, and a big one at that. I also see no reason to believe that the user is attempting to "score points". Lastly, the comment is in fact quite useful.

I agree wholeheartedly with this. We're supposed to be the good guys--revealing security issues should be something that gets heavily rewarded with karma.

That's exactly what the down-vote is meant for. If you think a comment is off-topic, down vote the post and perhaps add a comment as to why you think it deserves to be down-voted.

Flagging is expensive, in that it requires mod (human) attention. It should be reserved for spam and other egregious posts. Let the mods spend their valuable time on more important tasks.

I wasn't aware that flags required moderator attention. I assumed that once an article was flagged enough times, a mod would be alerted, but not that each flag would trigger an alert.

I would very much like to get moderators' attention or feedback on this. I don't think these kind of comments should be banned, but I think they would be curbed if there was a community guideline.

Good point. I don't know how the HN software is written but my guess is that when it's time to take action (X number of flags), it's something a looks at.

There could be a level of automation built into this where X number of high reputation members flag something, it could automatically be banned.

Either way, I think flagging is more fitting to abuse than off-topic. I agree with you that it would be great to get a mod to weigh in on this.

Unfortunately, many of us don't have downvote rights yet. If this were the case, I definitely wouldn't flag unless community standards were flagrantly violated!

Don't worry; if you wanted to vote a post down, there's probably someone with high enough karma who also wants to downvote the same post.

Strangely enough, that's comforting!

How do you get downvote abilities? I had them on my old inactive account from a few years ago but not this one. Is there a karma quota or something?

Do moderators actually go through all flagged items? If so, that would probably explain why I can't flag anymore. I assumed flagging was automated, so I basically used it as down-vote for articles.

I emailed info@yc about my lack of flagging ability a couple months back. They said nothing was wrong with my account. Now I feel bad that I wasted someone's time. :(

I should have been more clear that I was speculating that a flag ultimately required mod attention. I'm going based on personal experience with forums and software development.

Be very wary of flagging. I believe (corrections welcome) it can result in an entire account being invisi-banned without notice to the user. Should be reserved for the most egregious offenses, with downvoting used for the rest.

So do banks... other telecoms... Facebook... Google... etc.

Verizon sent me a letter about this a couple of years ago that's when I told everyone I knew with Verizon to opt out of it before they implement it

Verizon is not the only one who does this. I've seen the same from AT&T and Chase. I'm sure the list of companies that do this is very long.

I haven't received an email and when I logged and checked the settings on my account I was already opted out.

Well that sucks, doesn't it?

Newsflash: Everyone who possibly can is selling your personal data.

I wonder if they are doing the same for their FiOS customers.

Who isn't these days?

I called Verizon and they said this is a phishing scam... Has anyone else independently verified the original claim with Verizon, other than through their website/privacy TOS?

This isn't a scam - I found that link last night when I was going through my billing paperwork from Verizon.

Wow. They claim that a page on the verizonwireless.com/vzw.com domain with a class 3 SSL certificate is a "phishing scam". This is probably some form of scummy damage control - convincing uninformed customers that it had nothing to do with them.

Selling data, or exploiting to sell ads?

Neither Google nor Facebook sell user data, they hold it close and sell ads against it.

The question is not what Verizon is doing but what is Verizon _not_ doing? The answer will be much shorter.

This is very, very old news.

Old news that's still very, very relevant.

I just switched to Verizon from another carrier and didn't know about this. I much appreciated the post.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact